Tuesday, December 30, 2008

Windows XP: Stop Security Center From Nagging You

Windows XP Service Pack 2 (SP2) added the Security Center, which centralize most security-related functions to one control panel. By default, if it finds a problem it will start nagging you to fix it. For example, if you turned off automatic updates or it doesn't recognize your anti-virus application. Here is how to turn off this feature:
  • Open the Control Panel folder
  • Open the Security Center control panel
  • In the left pane, click the link labeled "Change the way Security Center alerts me"
  • Uncheck the item(s) that it's complaining about (i.e.: firewall, automatic updates, or virus protection)
  • Press the OK button.

Wednesday, December 17, 2008

Microsoft Security Bulletin MS08-078 - Critical: Security Update for Internet Explorer (960714)

Microsoft just released an Out-of-Band security bulletin MS08-078. Generally any Out-of-Band security patches are important, because they fix a problem that needs to be addressed now. MS08-078 (960714) is a critical security update for Internet Explorer.

Here is an excerpt from the Microsoft site about this patch: "This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.

If you can't or don't want to install the patch right now for some reason, here are some instructions on how to set the security level of IE's Internet zone to High. This can protect you by blocking any scripting technology (i.e: Javascript, Flash, Silverlight, etc.) from running on any web site. Although by using this feature you will disable most web sites functionality, such as dropdown menus and animation.
  • Open an Internet Explorer
  • From the Tools menu select Internet Options..., and click the Security tab
  • Click the Internet zone icon in the top part of the dialog box and move the slider control below it to High.
Note: To get around issue this you must add the sites to the Trusted Sites zone, its in the same dialog as the Internet zone outline in the instructions above.

Monday, December 15, 2008

Windows Vista: Starting Programs with Elevated Privileges

Do you need to automatically start applications that require elevated privileges when you log into Windows Vista? To accomplish this we are going to have to use the Vista Task Scheduler.

Follow the instructions below to learn how to do this:
Note: You need an account with administrative privileges to the computer for this tip to work.
  • Remove the programs from the Startup group if they are already there
  • From the Search field in the Start menu type "Task Scheduler".
  • In the Task Scheduler, press the "Create Task..." link in the Action panel on the right.
  • Type a name for the new task, for example "Start Notepad"
  • Check the "Run with highest privileges" checkbox
  • Click the Triggers tab.
  • Press the New button.
  • From the "Begin the task" dropdown menu, select "At log on."
  • In the setting section, choose the "Specific user or group" radio button (change if necessary).
  • Press the OK button
  • Click Actions tab, and press the New... button.
  • Enter the path for the program that you want to be launched, the press the OK button
  • Press the OK button

Monday, December 01, 2008

Windows Vista: Re-Activating the Built-in Administrator Account

In previous versions of Windows the built-in Administrator account was enabled default (this was before Vista). This was a major security risk because hackers knew which they account they needed to attack to get complete access to the computer.

In Vista if you do a clean install (not an upgrade), this account has been disabled by default. If for some reason you need to reactivate this account (which I recommend against unless there is a good reason) the instructions are below:
  • Log on to the machine with a local administrator account (if you don't have one already then these instructions will not work for you).
  • In the Search field under the Start menu type MMC.EXE and press the Enter key. Press Continue button in the UAC prompt to open the console.
  • From the File menu, select "Add/Remove Snap-in".
  • In the "Available Snap-ins" list on the left, scroll down and select "Local Users and Groups", then press the Add button.
  • In the "Choose Target Machine" dialog box, select "Local Computer" press the Finish button, then press the OK button.
  • Expand the "Local Users and Groups" icon in the left pane and click the Users folder.
  • In the right pane, right-click Administrator account and select Properties
  • In the General tab, uncheck "Account is disabled" box, then press the OK button.